Skip to content
11:11 Systems
Rethink Connected
11:11 Systems11:11 Systems
  • Why 11:11
    • Submenu
      • Column 1
        • Cloud Console
          Cloud Console
          Compliance
          Compliance

      • Column 2
        • Global Regions
          Cloud Regions
          Catalyst
          Planning and Assessment

      • WHY CHOOSE 11:11
      • Overview
      • Leadership
      • News & Media
      •  
      • Careers
      • Technology Partners
      • Customer Stories
  • Products & Services
    • Products & Services
      • CLOUD
      • Cloud Overview
      • Public Cloud
      • Private Cloud
      • Object Storage
      • Cloud Labs
      • Colocation/Bare-Metal
      • BACKUP
      • Backup Overview
      • Veeam Backup
      • Microsoft 365 Backup
      • Managed Backup for Cohesity
      • DISASTER RECOVERY
      • DRaaS Overview
      • DRaaS for Veeam
      • DRaaS for Zerto
      • DRaaS for Azure
      • Autopilot
      • SECURITY
      • Security Overview
      • Continuous Risk Scanning
      • Managed SIEM
      • Managed EDR
      • Managed Firewall
      • CONNECTIVITY
      • Connectivity Overview
      • SD-WAN
      • Multi-Cloud Connect
      • Managed IP
  • Solutions
    • Solutions Submenu
      • INDUSTRY
      • Education
      • Financial
      • Government
      • Healthcare
  • Partners
    • Partners Submenu
      • Overview
      • Become a Partner
      • Partner Portals
  • Resources
    • Resources Submenu
      • Events
      • Webinars
      • News & Media
      • White Papers
      • Podcast
      • Data Sheets
      • Customer Stories
      • Innovation Blog
  • Support
    • Support Submenu
      • Contact Support
      • Product Documentation
      • API Documentation
Search:
  • Console Login
  • Contact
Header Right Menu
Free Trial
  • Why 11:11
    • Cloud Console
    • Compliance
    • Cloud Regions
    • Planning and Assessment
    • WHY CHOOSE 11:11
    • Overview
    • Leadership
    • News & Media
    • Careers
    • Technology Partners
    • Customer Stories
    • Blog
  • Products & Services
    • CLOUD
    • Cloud Overview
    • Public Cloud
    • Private Cloud
    • Object Storage
    • Cloud Labs
    • Colocation/Bare-Metal
    • BACKUP
    • Backup Overview
    • Veeam Backup
    • Microsoft 365 Backup
    • Managed Backup for Cohesity
    • DISASTER RECOVERY
    • DRaaS Overview
    • DRaaS for Veeam
    • DRaaS for Zerto
    • DRaaS for Azure
    • Autopilot
    • SECURITY
    • Security Overview
    • Continuous Risk Scanning
    • Managed SIEM
    • Managed EDR
    • Managed Firewall
    • CLOUD CONNECTIVITY
    • Connectivity Overview
    • SD-WAN
    • Multi Cloud Connect
    • Managed IP
  • Solutions
    • INDUSTRY
    • Education
    • Financial
    • Government
    • Healthcare
    • Column 2
  • Partners
    • Overview
    • Become a Partner
    • Partner Portals
  • Resources
    • Events
    • Webinars
    • News & Media
    • Whitepapers
    • Podcast
    • Datasheets
    • Customer Stories
    • Innovation Blog
  • Support
    • Contact Support
    • Success Center
    • API Documentation
  • Contact
  • Console Login
  • Free Trial
Tags: The NIST CyberSecurity FrameworkCyberSecurity Awareness Month
Author: Alex Reid
Date: October 26, 2022

The NIST CyberSecurity Framework: Protect

As you may have already heard, 11:11 Systems is focusing in on the NIST CyberSecurity Framework as part of global CyberSecurity Awareness Month. This framework outlines a full security strategy for any company or organization to proactively identify and protect against security threats, and detect breaches when they do happen. This enables the organization to respond appropriately in order to recover from any damages with minimal impact.

This post focuses on the “Protect” function of the NIST framework. In Jim’s post, we looked at the Identify function as a way to analyze and evaluate security threats that may be present in your organization, from its core internal structure all the way through external elements (such as your supply chain). The Protect function takes that output and uses it to construct technology and procedures that safeguard your data and services against those threats.

The intent of these safeguards is twofold:

  • Proactively shield your organization against cybersecurity events
  • Limit or contain the impact of a potential cybersecurity event

Building the Phalanx

Just like each of the other four functions of the NIST framework, protecting your organization from cybersecurity threats is an ongoing effort. We can break that effort down into a handful of different categories, which we will go over below. More important than the actual ways in which you implement these controls, however, is that they must all work together to protect your entire organization.

The Phalanx was an ancient Greek battle formation made up of hoplite soldiers wielding overlapping shields. Each shield protected not only the hoplite bearing it, but also those behind them — meaning each shield in the wall is critical. If there is a gap between shields, the entire unit is compromised. Encryption by itself does nothing to protect your services if your staff is not trained to avoid plugging in USB disks they find on the street. Overlap between protections also enables your Security team to better contain the impact of a potential breach.

Each of 11:11 Systems’ services is designed to work in this way. Managed Security services such as Managed EDR, Managed Firewall, and Managed SIEM allow our SOC to implement controls that map to several of the categories below. Data security is built into the DNA of our BaaS, DRaaS, and IaaS services through design, architecture, and best-of-breed solutions. Working with 11:11 can act as a force multiplier for your IT and security teams to implement a better, safer cybersecurity protection plan.

Types of Protection

Identity Management, Authentication and Access Control

Hopefully most of us are utilizing Multi-Factor Authentication at the very least. In 2022, that is the minimum requirement to be considered even remotely secure. However, you would be mistaken for thinking that MFA is the end-all-be-all of authentication. The Identity Management landscape has exploded in the past five years, growing to include micro-segmentation and Zero-Trust Network Access (ZTNA). For many organizations, the simplest solution to Identity Management is to leverage a third-party vendor such as Duo or Okta to authenticate users. Keep in mind that this type of control also extends all the way to the edge of your service architecture, including how your service reacts to externalities such as DDOS attacks.

Awareness and Training

The user will always be the weakest point in a cybersecurity protection plan, enough so that some security administrators fall into the trap of thinking that your users are actively working against you. In reality, users simply have other things to worry about: job functions, home life, what to eat for lunch that day … any number of things that most folks would consider ahead of cybersecurity. A small amount of training can go a long way towards reducing your company’s vulnerability towards Phishing or other attacks from 60 percent to under 10 percent in 12 months. Security Awareness Training is a crucial tool to educate your users on an ongoing basis.

Data Security

Data is at the core of any service, and securing it is an incredibly wide and diverse discipline. Data can be in one of two states: at-rest, or in-flight. Security for data that is at-rest is mostly understood as encryption. While simple in principle, the encryption method for your data must allow you at minimum to retrieve it when needed, preferably quickly and automatically. That means it is important to make sure you understand all of the different places your data ends up so that you can be sure it gets encrypted every step of the way. Data in-flight is somewhat more difficult to encrypt and secure, but with a properly-configured Next-Generation Firewall you can mitigate much of this risk. 11:11 offers a Managed Firewall solution to secure the data entering and leaving your organization. Finally, if your service includes a public-facing component, you will need to understand certificate and key management in order to operate at scale.

Protective Technology

Your servers and endpoints are where your security policies are actually implemented, and there are many point solutions that protect this part of your security landscape. You can assemble features like Group Policy, Mobile Device Management, and Application Whitelists into a security strategy. Your Next-Generation Firewall will also act as a protective layer. However, since the protective layer built into most endpoints is simply not sufficient for protection against the modern cyber threat landscape, part of your Protective Technology plan should include a Next-Generation Anti-Malware solution (such as 11:11’s Managed EDR platform). This acts not only as a prophylactic, but also ties in with the other NIST functions – strengthening the phalanx.

Information Protection Processes and Procedures

In the end, the safety measures we have gone over so far are all governed by your organization’s processes and procedures. This is how the careful planning you have done in designing your security posture are realized. Once your security policies are planned, and you know the way in which you want to implement them, you must then enact those changes.

Security-focused Configuration Management Phases

Finally, you will need to monitor that those changes actually happen, and that your environment is more secure because of them. To assist in Monitoring, 11:11 offers Managed SIEM and Continuous Risk Scanning to provide deep visibility to your environment. With these tools you can validate that your configuration changes generate real-world results.

There are a huge number of security policies that you can implement in organizations of any size: encryption specifications, vulnerability scanning policies, device guidelines, resiliency guidelines … the list goes on. But you don’t need to get bogged down in the sheer number. Just keep in mind that the more you can put down in writing, the closer your organization will be able to follow your vision for its cybersecurity posture.

From the First Shield to the Last

Building your first NIST-compatible cybersecurity protection plan may seem daunting. Just remember: Your cybersecurity posture is a perpetual process, not a one-time setup. The reality is that attempting to shore up an entrenched poor security posture can be more difficult than just starting from scratch with a solid plan. You may be a small enterprise looking to start strong, or an established organization that needs an upgrade. You may even be looking to revamp your security policy in the aftermath of a breach. No matter your starting point, 11:11 Systems has the tools and expertise to help protect your data and services.

Categories: Cybercrime, Ransomware, SecurityBy Alex ReidOctober 26, 2022
Tags: The NIST CyberSecurity FrameworkCyberSecurity Awareness Month
Alex Reid

Author: Alex Reid

Alex Reid is a Product Architect with 11:11 Systems. He's a lifelong technologist, hardware enthusiast, and security paranoiac. For the past decade, he's been working officially in IT, picking up additional background in virtualization platforms and experience in a variety of technical cloud roles at Cirrity, Green Cloud Defense, and now on the product innovation team at 11:11. Alex holds a degree in Computer Engineering.

Post navigation

PreviousPrevious post:Celebrating Get To Know Your Customers DayNextNext post:The NIST CyberSecurity Framework: Detect

Related Posts

Security
You Can’t Win: Learning to Live with Security Pessimism
March 13, 2023
Building a Championship-Caliber Data Security Strategy
February 15, 2023
Veeam 12
Veeam 12 Preview: Multi-Factor Authentication
February 7, 2023
Preparing for 2023 with 11:11 Systems: IT Trends in Security, Cloud, and More
February 1, 2023
What is 11:11 Systems?
What is 11:11 Systems? A company built on cloud, connectivity, and security
January 30, 2023
11:11 Systems Wins 2022 Backup and Disaster Recovery Award from Cloud Computing Magazine
January 25, 2023
PRODUCTS & SERVICES
  • Cloud
  • Backup
  • Disaster Recovery
  • Managed Security
  • Connectivity Solutions
  • Compliance
COMPANY
  • Why 11:11
  • Customer Stories
  • Careers
  • Leadership
  • Technology Partners
  • News & Media
  • Contact Support
CLOUD REGIONS
  • North America
  • EMEA
  • APAC
CONNECT
  • LinkedIn
  • Twitter
  • Facebook
  • Youtube

© 2023 11:11 Systems Inc., All Rights Reserved | Privacy Notice

Go to Top
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}
PRIVACY POLICY AND COOKIE CONSENT
To provide the best experiences, we use technologies like cookies to store and/or access device information that allows us to process data such as browsing behavior. Not consenting or withdrawing consent, may adversely affect certain features and functions. By clicking Accept, closing this message, or continuing to browse, you consent to these technologies and accept our Privacy Notice.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}